Wordpress Mixed content requested an insecure XMLHttpRequest endpoint - wordpress

OK I checked all other similar answers, but thanks to people that downvote for no reason there is no actual response.
I am using Wordpress and I have a Mixed Content with a website https://oujdaportail.net/
It is generating this error:
Mixed Content: The page at 'https://oujdaportail.net/' was loaded over
HTTPS, but requested an insecure XMLHttpRequest endpoint
'http://oujdaportail.net/'. This request has been blocked; the content
must be served over HTTPS.
Chrome debug console has been completely useless!! It detects the error at the first line of source code where there is nothing to look up.
I am not sure how I should resolve this... I need help to capture the source of this issue.

Finally! I would be someone's hero...
After hours of struggle, it turned out that wp_head and wp_footer were responsible for generating unknown HTTP requests. And to fix it all I had to do is create a custom wp_head and wp_footer function just like this:
/**
 * Wrapper for wp_head() which manages SSL
 *
 * @uses wp_head()
 * @return void
 */
function custom_wp_head() {
    // Capture wp_head output with buffering
    ob_start();
    wp_head();
    $wp_head = ob_get_contents();
    ob_end_clean();
    // Replace plain protocols: every quoted http:// URL becomes https://
    $wp_head = preg_replace( '/(["\'])http:\/\//', '\1https://', $wp_head );
    // Output
    echo $wp_head;
}
function custom_wp_footer() {
    // Capture wp_footer output with buffering
    ob_start();
    wp_footer();
    $wp_footer = ob_get_contents();
    ob_end_clean();
    // Replace plain protocols: every quoted http:// URL becomes https://
    $wp_footer = preg_replace( '/(["\'])http:\/\//', '\1https://', $wp_footer );
    // Output
    echo $wp_footer;
}
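The rewrite above only matches a quote followed by a literal `http://`, while PHP's json_encode() escapes slashes by default, so URLs inside inline JSON appear as `http:\/\/` and pass through unchanged. The following added example (not part of the original answer; the function name and the sample markup are constructed for illustration) lists the insecure URLs per host in both forms, before and after that rewrite, which helps locate where a blocked request comes from:

```php
<?php
// Added example (not from the original answer). Counts quoted http:// URLs
// per host in captured markup, in plain and JSON-escaped ("http:\/\/") form.

/**
 * @param string $html Captured output, e.g. what custom_wp_head() buffers.
 * @return array Map of host => array( 'plain' => int, 'escaped' => int ).
 */
function find_insecure_urls( string $html ): array {
    $hosts = array();
    // A quote, then http: followed by either // or \/\/, then the host.
    $pattern = '~(["\'])http:(//|\\\\/\\\\/)([^/\\\\"\'\s<>]+)~i';
    preg_match_all( $pattern, $html, $matches, PREG_SET_ORDER );
    foreach ( $matches as $m ) {
        $host = strtolower( $m[3] );
        $form = ( '//' === $m[2] ) ? 'plain' : 'escaped';
        if ( ! isset( $hosts[ $host ] ) ) {
            $hosts[ $host ] = array( 'plain' => 0, 'escaped' => 0 );
        }
        $hosts[ $host ][ $form ]++;
    }
    ksort( $hosts );
    return $hosts;
}

// Constructed sample markup; example.test stands in for the site's own host.
$sample = <<<'HTML'
<link rel="stylesheet" href="http://example.test/wp-content/themes/t/style.css">
<script>var cfg = {"ajaxurl":"http:\/\/example.test\/wp-admin\/admin-ajax.php"};</script>
<script src='http://cdn.example.net/lib.js'></script>
<a href="https://example.test/">home</a>
HTML;

echo "Before rewrite:\n";
print_r( find_insecure_urls( $sample ) );

// The rewrite pattern from the answer above, applied to the same sample.
$rewritten = preg_replace( '/(["\'])http:\/\//', '\1https://', $sample );
echo "After rewrite:\n";
print_r( find_insecure_urls( $rewritten ) );
```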

Related

How to return binary data from custom wordpress rest api endpoint

I am writing a custom endpoint for a REST api in wordpress, following the guide here: https://developer.wordpress.org/rest-api/extending-the-rest-api/adding-custom-endpoints/
I am able to write an endpoint that returns json data. But how can I write an endpoint that returns binary data (pdf, png, and similar)?
My restpoint function returns a WP_REST_Response (or WP_Error in case of error).
But I do not see what I should return if I want to respond with binary data.
Late to the party, but I feel the accepted answer does not really answer the question, and Google found this question when I searched for the same solution, so here is how I eventually solved the same problem (i.e. avoiding the use of WP_REST_Response and killing the PHP script before WP tried to send anything else other than my binary data).
function download(WP_REST_Request $request) {
    $dir = $request->get_param("dir");
    // The following is for security, but my implementation is out
    // of scope for this answer. You should either skip this line if
    // you trust your client, or implement it the way you need it.
    $dir = sanitize_path($dir);
    $file = $request->get_param("file");
    // See above...
    $file = sanitize_path($file);
    $sandbox = "/some/path/with/shared/files";
    // full path to the file
    $path = $sandbox.$dir.$file;
    // stop before any header is sent if the file is missing or unreadable
    if (!is_file($path) || !is_readable($path)) {
        return new WP_Error("not_found", "File not found", array("status" => 404));
    }
    $name = basename($path);
    // get the file mime type
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime_type = finfo_file($finfo, $path);
    // tell the browser what it's about to receive
    // (file name quoted so that names containing spaces survive)
    header("Content-Disposition: attachment; filename=\"$name\"");
    header("Content-Type: $mime_type");
    header("Content-Description: File Transfer");
    header("Content-Transfer-Encoding: binary");
    header('Content-Length: ' . filesize($path));
    header("Cache-Control: no-cache private");
    // stream the file without loading it into RAM completely
    $fp = fopen($path, 'rb');
    fpassthru($fp);
    // kill WP
    exit;
}
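The answer above leaves sanitize_path() undefined, and the final path is built by concatenating two request parameters onto the sandbox directory. One way to confine the requested file to that directory, as an added example (not the answer author's implementation; resolve_in_sandbox() is a hypothetical helper, and the demo tree is constructed and assumes a POSIX system):

```php
<?php
// Added example (not from the original answer); resolve_in_sandbox() is a
// hypothetical helper name.

/**
 * Resolve client-supplied $dir and $file to a real path inside $sandbox.
 * Returns null when the result is missing or escapes the sandbox.
 */
function resolve_in_sandbox( string $sandbox, string $dir, string $file ): ?string {
    // The file name must be a single path component without NUL bytes.
    if ( '' === $file || basename( $file ) !== $file
        || false !== strpos( $dir . $file, "\0" ) ) {
        return null;
    }
    $root = realpath( $sandbox );
    if ( false === $root ) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks; it returns false if missing.
    $real = realpath( $root . '/' . $dir . '/' . $file );
    if ( false === $real || ! is_file( $real ) ) {
        return null;
    }
    // Trailing separator: ".../files-old" must not pass as inside ".../files".
    $prefix = rtrim( $root, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
    return 0 === strncmp( $real, $prefix, strlen( $prefix ) ) ? $real : null;
}

// Constructed demo tree (POSIX): a sandbox, a sibling directory with a
// similar name, and a symlink inside the sandbox that points outside it.
$base = sys_get_temp_dir() . '/dl-demo-' . bin2hex( random_bytes( 4 ) );
mkdir( "$base/files/reports", 0700, true );
mkdir( "$base/files-old", 0700, true );
file_put_contents( "$base/files/reports/q1.pdf", '%PDF-1.4 demo' );
file_put_contents( "$base/files-old/notes.txt", 'outside the sandbox' );
symlink( "$base/files-old", "$base/files/link" );

$cases = array(
    array( 'reports', 'q1.pdf' ),
    array( 'reports/../reports', 'q1.pdf' ),
    array( '../files-old', 'notes.txt' ),
    array( 'link', 'notes.txt' ),
    array( 'reports', '../../files-old/notes.txt' ),
);
foreach ( $cases as list( $dir, $file ) ) {
    $path = resolve_in_sandbox( "$base/files", $dir, $file );
    printf( "%-20s %-28s %s\n", $dir, $file, $path ?? 'rejected' );
}
```

In the endpoint, a null result would be returned as a WP_Error before any header is sent, and the resolved path used for finfo_file(), filesize() and fopen().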
I would look at something called DOMPDF. In short, it streams any HTML DOM straight to the browser.
We use it to generate live copies of invoices straight from the woo admin, generate brochures based on $wp_query results etc. Anything that can be rendered by a browser can be streamed via DOMPDF.

Redirect to referring url after login in wordpress sub-directory install

I've read a couple of previous posts here but none of them is working in my case. Basically, my blogging site is installed in a sub-directory of the main website. The main website is in plain PHP and the sub-directory is WordPress. I allow users to read my blogs only after they have logged in. So, the thing is I frequently share the blog links on Facebook, where lots of new users come in from the link.
Main website is installed in => example.com
wordpress sub-directory in => example.com/blog
As I'm using the custom template login page (login.php), whenever non-logged-in users come, they are first redirected to example.com/blog/login. I'm using this function to redirect to the login page:
function redirect_user() {
    if ( ! is_user_logged_in() && !is_page( 'login' ) ) {
        $return_url = esc_url('http://www.example.com/blog/login');
        wp_redirect( $return_url );
        exit;
    }
}
add_action( 'template_redirect', 'redirect_user' );
It redirects fine, without a problem. Then for the main task of redirecting to the referrer URL, I'm using code similar to the above to direct every logged-in user to the referring URL, irrespective of post or page. Again in functions.php:
if(is_user_logged_in())
    wp_redirect('' . $_SERVER["REQUEST_URI"]);
I thought they would work but I can't seem to understand why the referring URL is appending the sub-directory name. For example, the above code shows the result as:
example.com/blog/blog/blabla-blahblah. You see, the directory name is doubling.
Anyone's advice would be highly appreciated.
Having your WordPress website in a subdirectory will have no impact on what you are trying to do. Why? Because WordPress knows where it's located at, as you set the home and site URLs either in your wp-config.php file like this:
define('WP_HOME','http://example.com/blog');
define('WP_SITEURL','http://example.com/blog');
or by setting both in the Settings > General admin page.
Therefore, all of the rewrites and URLs will be relative to these URLs.
Handling the Referer Capture
When someone comes to one of the pages on your site, you want to capture that original request and add it as a redirect_to= query arg. Then you can send them to the login page.
add_action( 'wp', 'redirect_to_login_if_unauthorized', 3 );
/**
 * Redirect the user to the login, but capture the original
 * referer and add to the query arg.
 *
 * @since 1.0.0
 *
 * @param WP $wp_environment Current WordPress environment instance (passed by reference).
 *
 * @return void
 */
function redirect_to_login_if_unauthorized( WP $wp_environment ) {
    if ( is_user_logged_in() ) {
        return;
    }
    if ( $wp_environment->request ) {
        $request = home_url( add_query_arg( array(), $wp_environment->request ) );
    } else {
        $request = home_url();
    }
    $redirect = home_url() . '/wp-login.php?redirect_to=' . $request;
    wp_redirect( $redirect );
    die();
}
How it Works
The event wp fires in wp-includes/class-wp.php. It passes the object instance of the WordPress environment setup. Here is the code from WordPress Core:
do_action_ref_array( 'wp', array( &$this ) );
This environment object has a property that we want called request. That property has the URL request (minus the blog's home URL).
If the $wp_environment->request has a value, we'll add it to the home URL as a query arg; else, we just want the home URL. Now we have the referer.
Next, you create the redirect URL, which has the path to the login page and the redirect_to query arg.
An Example
Let's say you have a post called Why I Love WordPress and the path to that post is http://example.com/blog/why-i-love-wordpress.
The value in the $request would be:
http://example.com/blog/why-i-love-wordpress
and the redirect URL would be:
http://example.com/blog/wp-login.php?redirect_to=http://example.com/why-i-love-wordpress
Upon logging in, the user is then redirected to the original page request.
Tip - Handle Logout Too
You'll want to think about the pathing after a user logs out and then build a proper request to it too.
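The answer above builds redirect_to by plain concatenation, and a custom login template like the asker's has to decide itself whether to honour the value it gets back. An added example (not part of the original answer; both function names are hypothetical and the inputs are constructed) in plain PHP that percent-encodes the target and accepts a returned redirect_to only when it stays under the site's home URL:

```php
<?php
// Added example (not from the original answer); both function names are
// hypothetical. $home is the WordPress home URL, e.g. http://example.com/blog.

/** Login URL with the originally requested page percent-encoded. */
function build_login_url( string $home, string $request ): string {
    $home   = rtrim( $home, '/' );
    $target = $home . '/' . ltrim( $request, '/' ); // $request is relative to $home
    return $home . '/wp-login.php?redirect_to=' . rawurlencode( $target );
}

/** Return $redirect_to if it stays on the site at $home, else $home. */
function validate_redirect( string $home, string $redirect_to ): string {
    // Control characters, spaces and backslashes are parsed inconsistently.
    if ( preg_match( '/[\x00-\x20\\\\]/', $redirect_to ) ) {
        return $home;
    }
    $h = parse_url( $home );
    $r = parse_url( $redirect_to );
    // Require an absolute URL without embedded credentials.
    if ( ! is_array( $r ) || ! isset( $r['scheme'], $r['host'] ) || isset( $r['user'] ) ) {
        return $home;
    }
    $same_origin = strtolower( $r['scheme'] ) === strtolower( $h['scheme'] )
        && strtolower( $r['host'] ) === strtolower( $h['host'] )
        && ( $r['port'] ?? null ) === ( $h['port'] ?? null );
    // The decoded path must lie under the install directory, without "..".
    $base = rtrim( $h['path'] ?? '', '/' ) . '/';
    $path = rawurldecode( $r['path'] ?? '' ) . '/';
    $in_site = 0 === strncmp( $path, $base, strlen( $base ) )
        && false === strpos( $path, '/../' );
    return ( $same_origin && $in_site ) ? $redirect_to : $home;
}

// Constructed inputs for a site installed at example.com/blog.
$home = 'http://example.com/blog';
echo build_login_url( $home, 'why-i-love-wordpress' ), "\n";
$candidates = array(
    'http://example.com/blog/why-i-love-wordpress',
    'http://example.com/blog',
    'http://example.com/other-app/',
    'http://example.com.other.test/blog/',
    '//other.test/blog/',
    'http://example.com/blog/../other-app/',
);
foreach ( $candidates as $c ) {
    printf( "%-44s => %s\n", $c, validate_redirect( $home, $c ) );
}
```

Inside WordPress itself, wp_safe_redirect() applies a host allow-list check of this kind before redirecting.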

JSON API + wordpress URL

I'm using a small JSON API for URL shortener that I would like to integrate on all my Wordpress pages.
I know how to render the Wordpress page URL but what I don't know (due to no experience with APIs) is how to render the API result on the Wordpress page.
Here is the API call:
http://abc.net/api?api=123&url=LONGURL
Here is the API result:
{
"error":"0",
"short":"http://abc.net/ALIAS",
}
Here is the WP url that needs to replace the "LONGURL" above:
<?php echo get_permalink(); ?>
What I need is to show the "short" result.
Any ideas?
Assuming you've set allow_url_fopen to true in php.ini
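function get_short_permalink() {
    $permalink = get_permalink();
    // Encode the permalink so its own ?, & and # do not alter the API query string
    $response = file_get_contents('http://abc.net/api?api=123&url=' . urlencode($permalink));
    if($response === false) {
        // request failed: fall back to the original link
        return $permalink;
    }
    $response = json_decode($response, true);
    // also fall back when the body is not valid JSON or lacks the expected keys
    if(is_array($response) && isset($response['error'], $response['short']) && $response['error'] == 0) {
        return $response['short'];
    }
    return $permalink;
}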
Then replace <?php echo get_permalink(); ?> with <?php echo get_short_permalink(); ?> in your templates.
What this function does:
gets the original permalink
sends a GET request to your API
transforms the response from a JSON string to a PHP array (see the docs for the bool $assoc parameter of json_decode)
returns the shortened link if the error code is 0, or the original link if not
You'll have to work with cURL if you can't (or don't want to) enable url_fopen.
Also, WordPress has a built-in wrapper over cURL that could simplify things a lot: wp_remote_get

Content-Type: multipart/alternative in Wordpress with wp_mail()

Is it possible to send emails with the wp_mail() function having its Content-Type: multipart/alternative ?
I need to send emails that can be shown as HTML or Plain Text depending on what medium interprets the email.
Any suggestions are welcome!
It's right there in the wp_mail() documentation (under Usage):
The default content type is 'text/plain' which does not allow using HTML. You can set the content type of the email either by using the 'wp_mail_content_type' filter (see example below), or by including a header like "Content-type: text/html". Be careful to reset 'wp_mail_content_type' back to 'text/plain' after you send your message, though, because failing to do so could lead to unexpected problems with e-mails from WP or plugins/themes.
(emphasis mine)
The 2nd example on the page shows you how to do it (the example uses text/html but you should be able to use your multipart/alternative instead).
It's totally possible when you have access to the phpmailer instance.
if ($is_html)
    add_action('phpmailer_init', 'fix_mimeheader');
// more code.
wp_mail( $to, $subject, $html_message, $headers, $attachments );
// ...
function fix_mimeheader( $phpmailer ) {
    // Generate $text_message here.
    // ...
    $phpmailer->AltBody = $text_message;
}
The message sent to wp_mail should be your html code. You also shouldn't include any content type headers. I currently use from, cc and reply-to in the plugin I've made.
If the email is being sent as HTML, I run the action which sets the AltBody property on the phpmailer object directly. This then causes the proper flags to convert the email to a multipart/alternative email.
You can use the wp_mail_content_type filter, which has now been documented in the Codex.
The wp_mail documentation about resetting the content type back to 'text/plain' is kind of misleading, IMO. Since this is a filter, you don't really "reset" it. What you need to consider in your filter is some conditional logic to determine when you need to use multipart vs. plain text or html:
add_filter( 'wp_mail_content_type', 'my_mail_content_type' );
function my_mail_content_type( $content_type ) {
    if( $some_condition ) {
        return 'multipart/mixed';
    } else {
        return 'text/plain';
    }
}

Wordpress redirect issue, headers already sent

I am wondering, based on the code below, where I would want to put my wp_redirect function because where it currently is does nothing but spazzes out and says:
Warning: Cannot modify header information - headers already sent by (output started at /***/***/WordPress/WordPressDev/wp-includes/script-loader.php:664) in /***/***/WordPress/WordPressDev/wp-includes/pluggable.php on line 881
Which I get because the page has already loaded, but I am unsure where to call this function.
I have replaced my web site and any "personal data" with stars and example.com. However, this code does work, it just won't redirect me.
Thoughts?
function get_latest_version_zip(){
    global $wp_filesystem;
    if(current_user_can('update_themes')){
        $aisis_file_system_structure = WP_Filesystem();
        $aisis_cred_url = 'admin.php?page=aisis-core-update';
        if($aisis_file_system_structure == false){
            request_filesystem_credentials($aisis_cred_url);
            $this->credential_check = true;
        }
        $aisis_temp_file_download = download_url( 'http://example.com/aisis/aisis_update/Aisis2.zip' );
        if(is_wp_error($aisis_temp_file_download)){
            $error = $aisis_temp_file_download->get_error_code();
            if($error == 'http_no_url') {
                add_action( 'admin_notices', 'aisis_framework_download_update_erors' );
            }
        }
        $aisis_unzip_to = $wp_filesystem->wp_content_dir() . "/themes/" . get_option('template');
        $this->delete_contents_check(); //Check if we need to delete the aisis core folder.
        $aisis_do_unzip = unzip_file($aisis_temp_file_download, $aisis_unzip_to);
        unlink($aisis_temp_file_download); //delete temp jazz
        if(is_wp_error($aisis_do_unzip)){
            $error = $aisis_do_unzip->get_error_code();
            if($error == 'incompatible_archive') {
                $this->aisis_incompatible_archive_errors();
            }
            if($error == 'empty_archive') {
                $this->aisis_empty_archive_errors();
            }
            if($error == 'mkdir_failed') {
                $this->aisis_mkdir_failed_errors();
            }
            if($error == 'copy_failed') {
                $this->aisis_copy_failed_errors();
            }
            return;
        }
        //throwing errors
        wp_redirect(admin_url('admin.php?page=aisis-core-options'));
        exit;
    }
}
in my functions.php file I placed the following code:
function callback($buffer){
    return $buffer;
}
function add_ob_start(){
    ob_start("callback");
}
function flush_ob_end(){
    ob_end_flush();
}
add_action('wp_head', 'add_ob_start');
add_action('wp_footer', 'flush_ob_end');
With this I still get the error; I think I'm misunderstanding something....
Just replace the following line
add_action('wp_head', 'add_ob_start');
with
add_action('init', 'add_ob_start');
Output buffering should start before anything is sent/echoed to the browser. The wp_head hook occurs a bit later than the init hook, and by then headers have already been sent. Also keep/place it at the top of your functions.php, before anything is echoed/sent to the browser.
The problem is that somewhere in wordpress the header() function has been called and some output was already sent to the client while output buffering is off.
Headers have to be sent before any output, otherwise you get the error you described.
wp_redirect(admin_url('admin.php?page=aisis-core-options'));
The above line sets a header like this: header('Location: admin.php......');
Turning on output buffering via php.ini, at the index.php of wordpress or simply before anything is echo'ed to the client should take care of the error.
Details/Documentation can be found here: http://php.net/manual/en/book.outcontrol.php
The simplest way I can think of is to make your wordpress index.php look like this:
ob_start();
// content of your index.php here
ob_flush();
Another possibility would be adding a priority:
add_action('wp_head', 'add_ob_start', 1);
The third param is $priority.
Also, if you're hooking in more than one function, it gives you complete control of the execution chain.
